"Two flaws in vBulletin forum software are under attack."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 01 June 2025, 2137 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers25 articles per week

#security#tech

27

Most popular

Two flaws in vBulletin forum software are under attack

IoC > 1 IP

•

by Pierluigi Paganini / 7h

•

2 TTPs

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks. Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild. An unauthenticated user could exploit CVE-2025-48827 (CVSS score of 10) t

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47

by Pierluigi Paganini / 8h

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents Inside a VenomRAT Malware Campaign Fake Google Meet Page Tricks Users into Running PowerShell Malware Dero mi

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

US sanctions Funnull Technology for scams

•

by Pierluigi Paganini / 2d

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company Funnull Technology Inc. and its admin Liu Lizhi for enabling romance scams , causing $200M in U.S. victim losses. A romance scam is a type of online

Yesterday

Security Affairs newsletter Round 526 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 11h

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two Linux flaws can lead to the disclosure of sensitive data Meta stopped covert operations from Iran, China, and Romania spreading propaganda US Tr

Two Linux flaws can lead to the disclosure of sensitive data

3 TTPs

•

by Pierluigi Paganini / 1d

Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora distros. Researchers discovered a vulnerability in Apport (Ubuntu’s core dump handler) and another bug in systemd-coredump, which is used in the default configuration of Red Hat Enterprise Linux 9 and the Fedora distribution. systemd-coredump auto

May 30, 2025

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta disrupts influence operations globally

•

by Pierluigi Paganini / 2d

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms. Meta announced the disruption of three influence operations from Iran, China, and Romania using fake accounts to spread propaganda and manipulate discourse on Facebook, Instagram, and more. The social media giant pointed out that it had removed covert influence ca

May 29, 2025

ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor

Defense Evasion (Enterprise TA0005)

•

by Pierluigi Paganini / 2d

ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an advanced nation-state actor. The company confirmed that the attack impacted a small number of its ScreenConnect customers. “ConnectWise recently learned of suspicious activity within our environment

Victoria’s Secret ‘s website offline following a cyberattack

IoC > 1 domain

•

by Pierluigi Paganini / 3d

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats against major retailers. American lingerie, clothing, and beauty retailer Victoria’s Secret took its website offline following a cyberattack. At this time, the site shows the following message: “Valued customer, we identified and are taking steps to address a security incident. We have taken dow

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

18 TTPs

•

by Pierluigi Paganini / 3d

•

Chinese hackers exploit Google Calendar

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” In late October 2024, GTIG discovered an exploited government website hosting malware being used to target multiple oth

May 28, 2025

New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.

IoC > 1 domain

•

by Pierluigi Paganini / 3d

•

3 TTPs

GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor. GreyNoise discovered the AyySSHush botnet has hacked over 9,000 ASUS routers, adding a persistent SSH backdoor. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that are attempt

Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry

3 TTPs

•

by Pierluigi Paganini / 4d

•

EU threatens China over cyberattacks

The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on its critical infrastructure. The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022 a

New PumaBot targets Linux IoT surveillance devices

IoC > 1 domain

•

by Pierluigi Paganini / 4d

•

18 TTPs

•

PumaBot botnet targets Linux IoT

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its C2 server to

App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years

by Pierluigi Paganini / 4d

Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams from deceptive apps to fake payment schemes on the App Store. In the past five years alone, Apple says it has blocked over $9 billion in fraudulent transactions, more than $2 billion of that in 2024, highlighting its ongoing efforts to keep users safe. Since its 2008 launch, Apple’s App Store has grown into a truste

May 27, 2025

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

IoC > 1 domain

•

by Pierluigi Paganini / 4d

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (“bitdefender-download[.]com”) spoofing Bitdefender’s Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT . “A malicious

Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks

Iranian man pleads guilty ransomware

•

by Pierluigi Paganini / 4d

Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to computer and wire fraud conspiracy. Iranian national Sina Gholinejad pleaded guilty to his role in a Robbinhood ransomware scheme that hit U.S. cities, including Baltimore and Greenville. The attacks caused major disruptions and over $19 million in damages to Baltimore alone, affecting key services l

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

IoC > 1 URL and 1 hash

•

by Pierluigi Paganini / 4d

•

8 TTPs

Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a managed service provider. Sophos researchers reported that a DragonForce ransomware operator exploited three chained vulnerabilities in SimpleHelp software to attack a managed service provider. SimpleHelp is a remote support and access software designed for IT professionals and support team

Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack

2 TTPs

•

by Pierluigi Paganini / 5d

•

Russian hackers target NATO and police

A new Russia-linked APT group, tracked as Laundry Bear, has been linked to a Dutch police security breach in September 2024. Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD) have linked a previously undetected Russia-linked group, tracked Laundry Bear (aka Void Blizzard), to a 2024 police breach. In October 2024, the

May 26, 2025

Nova Scotia Power confirms it was hit by ransomware attack but hasn’t paid the ransom

4 TTPs

•

by Pierluigi Paganini / 5d

•

Nova Scotia Power data breach confirmed

Nova Scotia Power confirms it was hit by a ransomware attack but hasn’t paid the ransom, nearly a month after first disclosing the cyberattack. Nova Scotia Power confirmed it was hit by a ransomware attack nearly a month after disclosing a cyber incident. The company revealed it hasn’t paid the ransom. Nova Scotia Power Inc. is a vertically integrated electric utility serving the province of Nova

Crooks stole over $200 million from crypto exchange Cetus Protocol

2 TTPs

•

by Pierluigi Paganini / 5d

Cetus Protocol reported a $223 million crypto theft and is offering to drop legal action if the stolen funds are returned. Last week, threat actors stole about $223 million from decentralized crypto exchange Cetus. The platform was paused during the investigation and later confirmed the cyber heist. Alert Announcement There was an incident detected on our protocol and our smart contract has been

Marlboro-Chesterfield Pathology data breach impacted 235,911 individuals

3 TTPs

•

by Pierluigi Paganini / 6d

•

Marlboro-Chesterfield Pathology data breach

SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach. SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach at the North Carolina-based lab. Marlboro-Chesterfield Pathology (MCP), founded in 1990 in Pinehurst, NC, is a full-service lab offering molecular, cytology, and pathol

China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

17 TTPs

•

by Pierluigi Paganini / 6d

China-linked APT exploit Ivanti EPMM flaws to target critical sectors across Europe, North America, and Asia-Pacific, according to EclecticIQ. Researchers from EclecticIQ observed a China-linked APT group that chained two Ivanti EPMM flaws, tracked as CVE-2025-4427 and CVE-2025-4428 , in attacks against organizations in Europe, North America, and Asia-Pacific. Below is the description of the flaw

May 25, 2025

Fake software activation videos on TikTok spread Vidar, StealC

15 TTPs

•

by Pierluigi Paganini / 6d

•

AI TikTok videos install malware

Crooks use TikTok videos with fake tips to trick users into running commands that install Vidar and StealC malware in ClickFix attacks. Cybercriminals leverage AI-generated TikTok videos in ClickFix attacks to spread Vidar and StealC malware, reports Trend Micro. These videos trick users into running PowerShell commands disguised as software activation steps for tools like Windows, Office, CapCut

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 46

by Pierluigi Paganini / 7d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack – How a Trusted IT Tool Became a Malware Delivery Vector Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts RedisRaider: Weaponizing mis

Security Affairs newsletter Round 525 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 7d

A new round of the weekly Securitythe weekly Security Affairs newsletterAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Silent Ransom Group targeting law firms, the FBI warns Leader of Qakbot cybercrime network indicted in U.S. crackdow

May 24, 2025

Operation ENDGAME disrupted global ransomware infrastructure

Initial Access (Enterprise TA0001)

•

20by Pierluigi Paganini / 7d

•

Operation Endgame disrupts ransomware

Operation ENDGAME dismantled key ransomware infrastructure, taking down 300 servers, 650 domains, and seizing €21.2M in crypto. From May 19 to 22, 2025, Operation ENDGAME, coordinated by Europol and Eurojust, disrupted global ransomware infrastructure. Law enforcement took down down 300 servers and 650 domains, and issuing 20 international arrest warrants. “A Command Post was set up at Europol he

Silent Ransom Group targeting law firms, the FBI warns

5 TTPs

•

by Pierluigi Paganini / 8d

•

FBI warns law firms of cyberattacks

FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback phishing and social engineering extortion tactics. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. law firms using phishing and social engineering. Linked to BazarCall campaigns, the group previously enabled Ryuk and Conti ransomware attacks. “The cyber

Leader of Qakbot cybercrime network indicted in U.S. crackdown

3 TTPs

•

by Pierluigi Paganini / 8d

•

US indicts Qakbot botnet leader

The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. The U.S. authorities have indicted Russian national Rusta